screenpipe
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the screen (OCR) and audio recordings that could contain malicious instructions aimed at the agent.
- Ingestion points: Data enters the agent's context through the 'search_screen_content' and 'search_audio_transcripts' tools, which fetch data from the local Screenpipe API.
- Boundary markers: The skill lacks explicit boundary markers or instructions to treat the retrieved content as untrusted data rather than agent instructions.
- Capability inventory: The skill performs network operations on the local host (localhost:3030) to retrieve sensitive history.
- Sanitization: No sanitization or filtering logic is described to neutralize potential instructions embedded within the OCR or transcripts.
Audit Metadata